TY - JOUR
AB - The use of static analysis security testing (SAST) tools has been increasing in recent years. However, previous studies have shown that, when shipped to end users such as development or security teams, the findings of these tools are often unsatisfying. Users report high numbers of false positives or long analysis times, making the tools unusable in the daily workflow. To address this, SAST tool creators provide a wide range of configuration options, such as customization of rules through domain-specific languages or specification of the application-specific analysis scope. In this paper, we study the configuration space of selected existing SAST tools when used within the integrated development environment (IDE). We focus on the configuration options that impact three dimensions, for which a trade-off is unavoidable, i.e., precision, recall, and analysis runtime. We perform a between-subjects user study with 40 users from multiple development and security teams - to our knowledge, the largest population for this kind of user study in the software engineering community. The results show that users who configure SAST tools are more effective in resolving security vulnerabilities detected by the tools than those using the default configuration. Based on post-study interviews, we identify common strategies that users have while configuring the SAST tools to provide further insights for tool creators. Finally, an evaluation of the configuration options of two commercial SAST tools, Fortify and CheckMarx, reveals that a quarter of the users do not understand the configuration options provided. The configuration options that are found most useful relate to the analysis scope.
AU - Piskachev, Goran
AU - Becker, Matthias
AU - Bodden, Eric
ID - 49439
IS - 5
JF - Empirical Software Engineering
KW - Software
SN - 1382-3256
TI - Can the configuration of static analyses make resolving security vulnerabilities more effective? - A user study
VL - 28
ER -
TY - CHAP
AU - Richter, Susanne
ID - 51789
T2 - Verhandlungen des 41. Kongresses der Deutschen Gesellschaft für Soziologie in Bielefeld 2022
TI - Cancel Culture als Arena politisierter Wissenskonflikte Am Beispiel einer Debatte um rassistische Begriffe im Sommer 2022
ER -
TY - CHAP
AU - Götte, Thorsten
AU - Knollmann, Till
AU - Meyer auf der Heide, Friedhelm
AU - Scheideler, Christian
AU - Werthmann, Julian
ED - Haake, Claus-Jochen
ED - Meyer auf der Heide, Friedhelm
ED - Platzner, Marco
ED - Wachsmuth, Henning
ED - Wehrheim, Heike
ID - 45875
T2 - On-The-Fly Computing -- Individualized IT-services in dynamic markets
TI - Capabilities and Limitations of Local Strategies in Dynamic Networks
VL - 412
ER -
TY - JOUR
AU - Ebersold, Felix
AU - Hechelmann, Ron-Hendrik
AU - Holzapfel, Peter
AU - Meschede, Henning
ID - 49565
JF - Energy Conversion and Management: X
KW - Energy Engineering and Power Technology
KW - Fuel Technology
KW - Nuclear Energy and Engineering
KW - Renewable Energy
KW - Sustainability and the Environment
SN - 2590-1745
TI - Carbon insetting as a measure to raise supply chain energy efficiency potentials: Opportunities and challenges
VL - 20
ER -
TY - CHAP
AU - Akbulut Irmak, Emine Fulya
AU - Hanses, Hendrik
AU - Horwath, Ilona
AU - Tröster, Thomas
ID - 48643
SN - 2703-1543
T2 - Climate Protection, Resource Efficiency, and Sustainable Engineering
TI - Case Study III: Challenges of lightweight design, vehicles, and rescuers
ER -
TY - CHAP
AU - Menge, Dennis
AU - Milaege, Dennis
AU - Hoyer, Kay-Peter
AU - Schmid, Hans-Joachim
AU - Schaper, Mirko
ED - Horwath, Ilona
ED - Schweizer, Swetlana
ID - 46870
SN - 2703-1543
T2 - Climate Protection, Resource Efficiency, and Sustainable Engineering
TI - Case Study IV: Individualized Medical Technology using Additive Manufacturing
ER -
TY - JOUR
AB - DNA origami nanostructures have emerged as functional materials for applications in various areas of science and technology. In particular, the transfer of the DNA origami shape into inorganic materials using...
AU - Pothineni, Bhanu Kiran
AU - Grundmeier, Guido
AU - Keller, Adrian
ID - 46061
JF - Nanoscale
KW - General Materials Science
SN - 2040-3364
TI - Cation-dependent assembly of hexagonal DNA origami lattices on SiO2 surfaces
ER -
TY - GEN
AU - Rüther, Torben
AU - Schmid, Hans-Joachim
ID - 43236
KW - CDMA
TI - CDMA: Centrifugal Differential Mobility Analyzer - Ein Messprinzip zur Bestimmung von Multidimensionalen Partikeleigenschaften (Vortrag)
ER -
TY - GEN
AU - Krimphove, Dieter
ID - 36445
T2 - Manz Online
TI - CE-Kennzeichnung
ER -
TY - GEN
AU - Hollenhorst, Viola
AU - Kenig, Eugeny Y.
ID - 43047
TI - CFD-Untersuchungen der Fluiddynamik und des Wärmetransports an rauen Oberflächen
ER -